How-To Geek

“Hi, I’m from Microsoft and we’ve noticed your computer has a lot of viruses.” This is how the Microsoft tech support scam starts. By the end, the victim has probably paid hundreds of dollars and had their computer infected.

This cold-calling telephone scam has been going on since 2008, but shows no sign of going away. If you have any relatives who might fall for it, be sure to let them know Microsoft won’t actually call them.

This scam isn’t just for Windows PCs. A new scam offers “Mac Technical Support” that works in a similar way, demanding access via a remote-desktop tool and requiring payment to fix non-existent problems.

Update: Just to be very clear, anybody who ever calls you saying there is a problem with your PC is a scammer (no matter who they tell you they are). Just hang up the phone.

How It Works

These scammers don’t send out scammy emails or text messages. Instead, they’ll call you on your telephone. It’s not even a recording — a real person will talk to you and try to trick you. The scammers appear to target absolutely everyone; they may be going through every number in the phone book.

When you pick up, the person will claim to be “from Microsoft,” “from Windows,” or from something more specific, like the “Windows Service Center” or “Microsoft Support.” They tell you your computer is infected with viruses and has all sorts of PC problems that need to be fixed. At this point, a less technically inclined Windows user who may actually be facing PC problems may start falling for the scam.

The Tricks

If you stay on the line — and you shouldn’t — the scammers will attempt to demonstrate that they have information about what’s wrong with your computer. They’ll ask you to look at parts of Windows that generally aren’t accessible to average users. For example, they’ll ask you to look at your Event Viewer, Prefetch folder, and MSConfig utility. Average Windows users aren’t familiar with these system utilities, and the scammers will attempt to deceive them.

For example, a scammer will tell you to open the Event Viewer and verify that errors are present. The Event Viewer lists a variety of status messages for many different things in Windows, and errors are often completely innocuous. For example, below we have a variety of errors that state Apple’s Bonjour service was “continuously busy for more than a second.” This may be helpful to developers debugging the service, but is completely irrelevant to average users. However, the red icon, “Error” message, and the sheer number of different errors can look scary to less-knowledgeable users. Scammers will inform you that these errors are proof of viruses.

Scammers will often direct you to the C:\Windows\Prefetch folder as well, telling you that each file in the Prefetch folder is a virus. These are actually harmless files that are used to speed up application launch times, but they have confusing-looking names.

Scammers also like directing users to MSConfig, telling them that each stopped service on the Services tab represents a problem. To a less knowledgeable user, this might seem logical. In reality, Windows normally starts and stops services as needed. It’s normal for system services to be stopped.
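The following read-only PowerShell baseline, an added example that is not part of the original article, collects the same three "proofs" on a healthy machine so a helpdesk can show what normal looks like. The seven-day window and top-10 limits are arbitrary choices, and listing the Prefetch folder assumes an elevated session.

```powershell
# Added example (not from the original article). Read-only; run in an elevated
# PowerShell session so the Prefetch folder can be listed.

$since = (Get-Date).AddDays(-7)   # assumption: one week is a useful window

# 1. Event Viewer: Error-level (Level 2) events in the Application log, grouped
#    by the component that logged them. Most come from ordinary apps and services.
$errors = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Application'; Level = 2; StartTime = $since
    } -ErrorAction SilentlyContinue)
"Application log errors in the last 7 days: $($errors.Count)"
$errors | Group-Object ProviderName | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name | Format-Table -AutoSize

# 2. Prefetch: each file is named <EXECUTABLE>-<8 hex digit path hash>.pf.
#    Stripping the hash shows which program's launches each file records.
$prefetch = @(Get-ChildItem -Path (Join-Path $env:SystemRoot 'Prefetch') `
        -Filter '*.pf' -ErrorAction SilentlyContinue)
"Prefetch files: $($prefetch.Count)"
$prefetch | Sort-Object LastWriteTime -Descending | Select-Object -First 10 @{
        Name = 'Program'; Expression = { $_.BaseName -replace '-[0-9A-F]{8}$', '' }
    }, LastWriteTime | Format-Table -AutoSize

# 3. MSConfig "Services" tab: the same data, grouped by start mode and state.
#    Manual/Stopped and Disabled/Stopped are expected states, not faults.
$services = Get-CimInstance -ClassName Win32_Service
$services | Group-Object StartMode, State | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Automatic services that are not running are the only ones worth a second
# look, and many of those are trigger-started services that exit when idle.
$services | Where-Object { $_.StartMode -eq 'Auto' -and $_.State -ne 'Running' } |
    Select-Object Name, DisplayName, State | Format-Table -AutoSize
```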

Moving In For the Kill

With their victim suitably scared and terrified — after all, the person on the phone claims to be from Microsoft and knew there were various “problems” — the scammer moves in for the kill. The scammer directs the user to download TeamViewer or LogMeIn, legitimate and useful remote-access programs. After the user downloads the remote-access program, the scammer asks the user to grant them access to the computer.

The victim is then instructed to enter their credit card information onto some sort of web form and pay hundreds of dollars — anywhere from $49 to $499 or more — as a fee to “extend the warranty” or “fix the PC.”

It’s unclear what happens if the victim pays. The scammer may install malware on the victim’s computer, take the victim’s credit card number or financial information and abuse it, or do other nasty things.

What To Do

If you receive a call from someone who claims to be “from Microsoft” or “from Windows,” the best thing to do would be to just hang up immediately. You can attempt to report the call, but these calls are coming from international numbers — often from India — and it’s honestly unlikely that much action will be taken against them. It’s been five years and such scams are ongoing in spite of some attempts at enforcement.

These scams continue because people continue to fall for them. If people stopped falling for the scams, they’d be a waste of time and would stop. The best way to stop them is to spread the word and ensure people won’t fall for these tricks.

If you fell for a scam, you should call your credit card company and inform them, telling them to cancel any charges and send you a new credit card. You should scan your computer for malware with a reputable antivirus product and change the passwords on your email account and financial accounts, just as you would if you discovered an actual virus on your computer.
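The article names TeamViewer and LogMeIn as the tools victims are told to install, so a cleanup should also confirm that no remote-access software is still present. This read-only check is an added example, not part of the original article; the name pattern is an assumption built from those two product names and will miss other tools or renamed copies.

```powershell
# Added example (not from the original article). Read-only.
# Assumption: matching on the two product names from the article is enough to
# find a standard install; extend the pattern for other remote-access tools.
$pattern = 'TeamViewer|LogMeIn'

# Installed programs (64-bit, 32-bit and per-user uninstall entries).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
'--- Installed programs ---'
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $pattern } |
    Select-Object DisplayName, DisplayVersion, InstallDate, InstallLocation |
    Format-List

# Services: an unattended-access install registers one that starts with Windows.
'--- Services ---'
Get-CimInstance -ClassName Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $pattern } |
    Select-Object Name, State, StartMode, PathName | Format-List

# Processes running right now (an active session or a background agent).
'--- Running processes ---'
Get-Process | Where-Object { $_.ProcessName -match $pattern } |
    Select-Object ProcessName, Id, Path | Format-Table -AutoSize

# Installers or portable copies left in the user's Downloads folder.
'--- Downloads ---'
Get-ChildItem -Path (Join-Path $env:USERPROFILE 'Downloads') -File `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $pattern } |
    Select-Object Name, Length, CreationTime | Format-Table -AutoSize
```

Any hit that the owner did not install deliberately should be uninstalled, and its stored access credentials treated as compromised.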

I had 'the call' the other night - after he was finished telling me about all the problems and Trojans and viruses on my computer, he offered to fix everything. I told him I would miss all the problems if he did fix them and that I really enjoyed them and would hate to lose them!! There was silence on the other end. "You would what?" he spurted - then began chuckling and hung up.

Well, you SHOULD, actually, if only as a public service. The more time you pretend to be going along with what they tell you to do, the LESS time they will actually be robbing more gullible people.

Pretend, for instance, if they mention 'open Windows', that you are going to do precisely that: if there's a snowstorm outside, explain patiently to them how COLD it would get and give a complicated explanation why you cannot.

So wd5dhk, you've had the call 3 times. I lost count ages ago. I have tried leading them up the garden path, pulling out my ethernet cable first so that things wouldn't go according to the caller's plan; patiently explaining that I am a computer professional (retired) and that I do know what he is talking about (ie tosh); tying them up in knots technically; etc, etc. Other times I will ask them to put their concerns and evidence in writing and post it via snail mail so that I can weigh it up sensibly. Now I just say 'No thanks' and put the phone down. However they don't take the hint and keep on trying. I like NSDCars5's suggestion of giving them a Linux distro to play with.

It is interesting to see that they are trying to take on Macs.

The call I got today is a new slant. This time they pretended to be my internet service provider, BT, instead of from "Windows". The caller was obviously trying things out because he started coming out with terms from an old script and getting muddled. He didn't believe me when I said, no, my computer is not slowing down, and suggested that internet problems and downloads were the cause.

The interesting thing with this one is that on 09Nov13, didn't make it round the bend in the road and slammed into the telegraph pole, thereby severing comms to the neighbourhood. When the pole was replaced and service restored 12 days later, I quickly found out that the broadband speed was well below par at about 55%. I waited a week to see how it rebalanced to no avail and so I complained to BT call centre. Question: has there been a leak in the call centre? It seems suspiciously like it. Has anyone else out there had such suspicions?